Escaped double quotes in cookie value #37862

Closed
Nerixyz opened this issue Aug 14, 2019 · 3 comments
Labels
area-core-library: SDK core library issues (core, async, ...); use area-vm or area-web for platform specific libraries.
closed-invalid: Closed as we don't believe the reported issue is generally actionable
library-_http


Nerixyz commented Aug 14, 2019

The validation fails at character 92 (0x5C):

FormatException: Invalid character in cookie value, code unit: '92' (at character 3)
"{\"200...
  ^

These two lines exclude 0x5C specifically:

(codeUnit >= 0x3C && codeUnit <= 0x5B) ||

I couldn't find any reference to this specific character being not allowed.
If this character is not allowed in the cookie-value, is there a workaround?

a-siva added the area-core-library and library-_http labels Aug 14, 2019

a-siva commented Aug 14, 2019

/cc @zanderso for confirmation about the checks in http_headers.dart

@zanderso

@sortie was recently looking into cookie parsing. He might be the most knowledgeable in this area.


sortie commented Aug 15, 2019

Dart implements a strict version of RFC 6265 (HTTP State Management Mechanism) which standardizes the cookie format.

I recently updated the documentation for the Cookie class to better describe what's allowed and the improved documentation will appear in the next release:

https://api.dartlang.org/dev/2.5.0-dev.2.0/dart-io/Cookie/value.html

Must be a cookie-value as specified in RFC 6265.

The allowed characters in a cookie value are the visible ASCII characters, U+0021 (!) through U+007E (~) except the characters: ", ,, ; and \. Cookie values may be wrapped in a single pair of double quotes (U+0022, ").

Backslashes are not allowed in the cookie value. It appears you're attempting to use a double quoted cookie value, which is a feature that unfortunately never got standardized and was not supported by browsers. In this case Dart is being a strict client.

Websites cannot portably rely on cookies working if they don't follow RFC 6265. The cookie format is quite limited and if you need to store arbitrary data there, you should add your own layer of encoding. For instance, you could hexencode or base64 encode the data.

I hope that helps.

sortie closed this as completed Aug 15, 2019
sortie added the closed-invalid label Aug 15, 2019
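
The encoding layer suggested in the last comment, as an added example that is not part of the original thread or the Dart SDK: it checks a value against the RFC 6265 cookie-octet ranges and shows a base64url-encoded JSON payload being accepted by `Cookie`. The helper names, the cookie name `prefs` and the sample values are assumptions made for illustration.

```dart
import 'dart:convert';
import 'dart:io';

/// Hypothetical helper: true if [value] consists only of RFC 6265
/// cookie-octets, optionally wrapped in one pair of double quotes.
bool isValidCookieValue(String value) {
  var start = 0;
  var end = value.length;
  if (end >= 2 &&
      value.codeUnitAt(0) == 0x22 &&
      value.codeUnitAt(end - 1) == 0x22) {
    start++;
    end--;
  }
  for (var i = start; i < end; i++) {
    final c = value.codeUnitAt(i);
    final ok = c == 0x21 ||
        (c >= 0x23 && c <= 0x2B) || // skips 0x22 (")
        (c >= 0x2D && c <= 0x3A) || // skips 0x2C (,)
        (c >= 0x3C && c <= 0x5B) || // skips 0x3B (;)
        (c >= 0x5D && c <= 0x7E); // skips 0x5C (\)
    if (!ok) return false;
  }
  return true;
}

/// Hypothetical helper: JSON -> UTF-8 -> base64url, whose alphabet
/// (A-Z a-z 0-9 - _ =) lies entirely inside the cookie-octet ranges.
String encodeCookiePayload(Object data) =>
    base64Url.encode(utf8.encode(jsonEncode(data)));

dynamic decodeCookiePayload(String value) =>
    jsonDecode(utf8.decode(base64Url.decode(value)));

void main() {
  // Constructed value shaped like the one in the report: quoted JSON
  // with backslash-escaped inner quotes.
  final raw = r'"{\"200\":\"ok\"}"';
  print('raw valid: ${isValidCookieValue(raw)}');
  try {
    Cookie('prefs', raw);
  } on FormatException catch (e) {
    print('rejected: ${e.message}');
  }

  // Constructed payload containing every excluded character.
  final payload = {'200': 'ok', 'note': r'quote " comma , semi ; slash \'};
  final encoded = encodeCookiePayload(payload);
  print('encoded valid: ${isValidCookieValue(encoded)}');
  final cookie = Cookie('prefs', encoded);
  print(decodeCookiePayload(cookie.value));
}
```

Base64 hides the payload's characters from the cookie parser but provides no confidentiality or integrity, so the decoded value still has to be treated as untrusted client input.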